Security Intel Hub 29734+

Curated security advisories, vulnerability analyses, and exploit write-ups — auto-cleaned and translated to English. Updated continuously.

PressPrimer Quiz <= 2.3.0 IDOR Vulnerability (CVE-2026-10623) Advisory and Patch
www.wordfence.com · 2026-06-20

### Vulnerability Overview - **Vulnerability Name**: PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_…

CVSS 9.8
WooCommerce v7.1.0 Remote Code Execution Vulnerability (EDB-ID: 51156)
www.exploit-db.com · 2026-06-20

### Vulnerability Overview - **Vulnerability Name**: WooCommerce v7.1.0 - Remote Code Execution (RCE) - **EDB-ID**: 51156 - **Author**: Milad Karimi - **Type**: Webapps - **Platform**: PHP - **Date**:…

CVSS 9.8
WordPress Ultimate Addons for Beaver Builder < 1.2.4.1 Auth Bypass Vulnerability with PoC
www.exploit-db.com · 2026-06-20

### Vulnerability Overview The WordPress plugin Ultimate Addons for Beaver Builder version 1.2.4.1 contains an authentication bypass vulnerability. An attacker can exploit this flaw to access protecte…

CVSS 9.8
WordPress Ultimate Addons for Beaver Builder Pre-Auth Bypass (CVE-2019-25763)
www.vulncheck.com · 2026-06-20

### Vulnerability Overview - **Vulnerability Name**: WordPress Ultimate Addons for Beaver Builder 1.2.4.1 Authentication Bypass - **Severity**: Critical - **Release Date**: June 20, 2026 - **CVE ID**:…

CVSS 7.5
WordPress Time Capsule Plugin Authentication Bypass & RCE via POC
www.exploit-db.com · 2026-06-20

### Vulnerability Overview The WordPress plugin Time Capsule version 1.21.16 contains an authentication bypass vulnerability. Attackers can exploit this by constructing specific requests to bypass the…

Liquidfiles Privilege Escalation to SysAdmin via Multi-tenancy (CVE-2026-12673)
projectblack.io · 2026-06-20

### Vulnerability Overview - **Vulnerability Name**: Liquidfiles Privilege Escalation - **CVE ID**: CVE-2026-12673 - **Description**: In Liquidfiles, a secondary domain administrator can escalate thei…

CVSS 5.3
WordPress Video Conferencing with Zoom Missing Auth to SDK Credential Exposure CVE-2026-6964
www.wordfence.com · 2026-06-20

### Vulnerability Overview - **Vulnerability Name**: Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action - **CVE ID…

CVSS 7.5
simple-file-list Plugin File Upload Vulnerability Analysis
plugins.trac.wordpress.org · 2026-06-20

### Vulnerability Overview This vulnerability involves the `ee-list-display.php` file in the `simple-file-list` plugin, specifically in version 6.3.6. The vulnerability type is a file upload flaw, all…

CVSS 7.5
Path Traversal Vulnerability in WordPress simple-file-list Plugin with Patch Analysis
plugins.trac.wordpress.org · 2026-06-20

### Vulnerability Overview This vulnerability involves a path traversal issue in the WordPress plugin `simple-file-list`. Attackers can bypass the plugin's security checks by crafting specific request…

CVSS 6.5
WordPress simple-file-list Plugin Potential XSS/Command Injection Vulnerability Analysis
plugins.trac.wordpress.org · 2026-06-20

### Vulnerability Overview The attached screenshot displays the source code for the file `ee-list-ops-bar-display.php` of the WordPress plugin "simple-file-list". A potential security vulnerability ex…

CVSS 6.5
WordPress Simple File List Plugin File Upload Vulnerability Analysis
plugins.trac.wordpress.org · 2026-06-20

### Vulnerability Overview This vulnerability concerns the file upload functionality within the "Simple File List" WordPress plugin. Specifically, the flaw resides in the `ee-front-end.php` file, whic…

CVSS 6.5
simple-file-list plugin file upload vulnerability PoC and fix details
plugins.trac.wordpress.org · 2026-06-20

### Vulnerability Overview This vulnerability involves the `ee-list-ops-bar-process.php` file of the `simple-file-list` plugin. The flaw exists in the validation and processing of file operations, pot…

CVSS 6.5
simple-file-list plugin file upload vulnerability advisory
plugins.trac.wordpress.org · 2026-06-20

### Vulnerability Overview This vulnerability affects the `ee-list-display.php` file within the `simple-file-list` plugin, specifically in version `tags/6.3.6`. It is a file upload vulnerability that …

CVSS 5.3
CVE-2026-6798: WordPress 2Download Connector Unauthenticated Data Exposure via Missing Authorization
www.wordfence.com · 2026-06-20

### Vulnerability Overview - **Vulnerability Name**: 2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via '…

CVSS 4.9
Woosa <= 2.0.6 Authenticated Arbitrary File Read via log_file (CVE-2026-7547)
www.wordfence.com · 2026-06-20

### Vulnerability Overview An arbitrary file reading vulnerability at the administrator authentication level exists in Woosa <= 2.0.5, exploitable via the `log_file` parameter. This vulnerability allo…

CVSS 5.3
WP DSGVO Tools Missing Authorization Vulnerability Disclosure (CVE-2026-10034) Advisory
www.wordfence.com · 2026-06-20

### Vulnerability Overview - **Vulnerability Name**: WP DSGVO Tools (GDPR) <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure via subject-access-request AJAX Endpo…

CVSS 8.1
WordPress Plugin contact-form-entries SQL Injection Vulnerability Analysis
plugins.trac.wordpress.org · 2026-06-20

### Vulnerability Overview The provided screenshot displays the source code file `data.php` from the "contact-form-entries" WordPress plugin. A potential security vulnerability exists within this file…

CVE-2026-9265 OpenSSL PKCS12.c Heap Overflow Vulnerability Advisory
github.com · 2026-06-20

### Vulnerability Overview - **Vulnerability ID**: CVE-2026-9265 - **Vulnerability Type**: Heap Overflow - **Description**: In the `print_attribute` function, a heap overflow occurs when processing `U…

CVSS 5.3
Supabase PostgreSQL Unauthed SECURITY DEFINER RPC RCE/LPE via Cross-Tenant Data Poisoning
github.com · 2026-06-20

### Vulnerability Overview **Title**: Unauthenticated SECURITY DEFINER RPC `public.upsert_version_meta` allows cross-tenant writes to `version_meta` (persistent storage metrics poisoning) **Descriptio…

CVSS 8.8
Capgo API Key Scope Escalation Vulnerability via /functions/v1/apikey
github.com · 2026-06-20

### Vulnerability Overview **Title**: App-limited API keys can mint unrestricted API keys via /functions/v1/apikey (scope escalation to org-wide access) **Description**: A limited API key (`limited_to…


All articles are auto-cleaned (markdown extraction + LLM noise removal) and translated to English by our offline pipeline. Source URL is always preserved at the bottom of each article.
